[181089] in North American Network Operators' Group
Paging Versaweb!
daemon@ATHENA.MIT.EDU (Andy Blanchard)
Mon Jun 15 15:44:32 2015
X-Original-To: nanog@nanog.org
Date: Mon, 15 Jun 2015 20:44:30 +0100
From: Andy Blanchard <zocalo@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Is there anyone from Versaweb on the list, or anyone in the NOC at all?
Firstly, both the contact addresses you have listed in WHOIS (ipadmin@
and abuse-reports@) are bouncing emails - no such user.
More urgently, while trialling a new SIEM tool I've identified
literally thousands of unique IPs spread across at least nine separate
ARIN PI allocations scanning for MS DS / TCP:445 going back several
months. 162.255.180.0/24 would be a good place to start looking for
the common link - I've logged over 150 unique IPs in that block alone,
but the rest are not much better.
I hate to think what else might have slipped through the net - inbound
or outbound...
--
Andy
The only person to have all his work done by Friday was Robinson Crusoe
